

The security of access to accounts under the PSD2
Authors: P.T.J. Wolters, B.P.F. Jacobs
Affiliation: 1. Business and Law Research Centre, Radboud University, Nijmegen, The Netherlands; 2. Institute for Computing and Information Science, Radboud University, Nijmegen, Netherlands
Abstract: The revised Payment Services Directive (‘PSD2’) has been adopted to stimulate the development of an integrated internal market for payment services. In particular, it facilitates payment initiation services and account information services by granting the providers of these services access to the accounts of the payment service users. At the same time, the recitals state that the PSD2 guarantees a high level of consumer protection, security of payment transactions and protection against fraud.

This paper answers the following question: To what extent does the access to accounts of the payment initiation service providers and account information service providers balance the development of the market for payment services with the security of the payment account and the privacy of the user? An analysis of the PSD2 shows that the development of the market for payment services has a higher priority. Security and privacy are ultimately subordinate.

First, the PSD2 does not adequately protect the personal data of the users. The definition of ‘account information service’ is broad and covers a wide range of services. This allows the payment service providers to circumvent the limitations of the access to accounts.

Next, the payment service providers have a ‘fall back option’ that allows ‘screen scraping’ if the dedicated interface is not functioning properly. Although this access is constrained by several safeguards, the fall back option gives the payment services provider unlimited access to the account of the user.

Finally, the payment service providers have considerable freedom to arrange their authentication process as they see fit. The banks seem to be required to trust this process. The PSD2 and regulatory technical standards do not demand that a bank is able to verify the authentication or the integrity of the payment order.
Keywords: PSD2, GDPR, Access to account
This article is indexed in ScienceDirect and other databases.